in order to deprecate crypto(4) interface regress tests need to be
converted.
this aes test case actually uses ecb vectors, therefore no chaining
is required and the code looks very simple.
OK?
diff --git regress/sys/crypto/aes/Makefile regress/sys/crypto/aes/Makefile
index 459aedb..826d98c 100644
--- regress/sys/crypto/aes/Makefile
+++ regress/sys/crypto/aes/Makefile
@@ -1,9 +1,13 @@
# $OpenBSD: Makefile,v 1.2 2014/01/18 05:54:52 martynas Exp $
-PROG= aestest
+DIR= ${.CURDIR}/../../../../sys
+
+CFLAGS+= -I${DIR}
+PROG= aestest
+SRCS= aestest.c
CDIAGFLAGS= -Wall
#CDIAGFLAGS+= -Werror
CDIAGFLAGS+= -Wpointer-arith
CDIAGFLAGS+= -Wno-uninitialized
CDIAGFLAGS+= -Wstrict-prototypes
@@ -12,9 +16,12 @@ CDIAGFLAGS+= -Wunused
CDIAGFLAGS+= -Wsign-compare
CDIAGFLAGS+= -Wshadow
REGRESS_ROOT_TARGETS= run-regress-${PROG}
+.PATH: ${DIR}/crypto
+SRCS+= rijndael.c
+
run-regress-${PROG}: ${PROG}
- ${SUDO} ./${PROG} ${.CURDIR}/vectors/*.txt
+ ./${PROG} ${.CURDIR}/vectors/*.txt
.include <bsd.regress.mk>
diff --git regress/sys/crypto/aes/aestest.c regress/sys/crypto/aes/aestest.c
index 2437c38..720dbc1 100644
--- regress/sys/crypto/aes/aestest.c
+++ regress/sys/crypto/aes/aestest.c
@@ -24,117 +24,39 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
- * Test crypto(4) AES with test vectors provided by Dr Brian Gladman:
- * http://fp.gladman.plus.com/AES/
+ * Test kernel AES implementation with test vectors provided by
+ * Dr Brian Gladman: http://fp.gladman.plus.com/AES/
*/
-#include <sys/types.h>
#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/sysctl.h>
-#include <crypto/cryptodev.h>
+#include <crypto/rijndael.h>
#include <err.h>
-#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
static int
-syscrypt(const unsigned char *key, size_t klen, const unsigned char *in,
+docrypt(const unsigned char *key, size_t klen, const unsigned char *in,
unsigned char *out, size_t len, int do_encrypt)
{
- struct session_op session;
- struct crypt_op cryp;
- int cryptodev_fd = -1, fd = -1;
- u_char iv[32];
-
- /*
- * Kludge; the kernel doesn't support ECB encryption so we
- * use a all-zero IV and encrypt a single block only, so the
- * result should be the same.
- */
- bzero(iv, sizeof(iv));
-
- if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- warn("/dev/crypto");
- goto err;
- }
- if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
- warn("CRIOGET failed");
- goto err;
- }
- memset(&session, 0, sizeof(session));
- session.cipher = CRYPTO_AES_CBC;
- session.key = (caddr_t) key;
- session.keylen = klen;
- if (ioctl(fd, CIOCGSESSION, &session) == -1) {
- warn("CIOCGSESSION");
- goto err;
- }
- memset(&cryp, 0, sizeof(cryp));
- cryp.ses = session.ses;
- cryp.op = do_encrypt ? COP_ENCRYPT : COP_DECRYPT;
- cryp.flags = 0;
- cryp.len = len;
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
- cryp.iv = (caddr_t) iv;
- cryp.mac = 0;
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- warn("CIOCCRYPT");
- goto err;
- }
- if (ioctl(fd, CIOCFSESSION, &session.ses) == -1) {
- warn("CIOCFSESSION");
- goto err;
- }
- close(fd);
- close(cryptodev_fd);
- return (0);
-
-err:
- if (fd != -1)
- close(fd);
- if (cryptodev_fd != -1)
- close(cryptodev_fd);
- return (-1);
-}
-
-static int
-getallowsoft(void)
-{
- int mib[2], old;
- size_t olen;
-
- olen = sizeof(old);
-
- mib[0] = CTL_KERN;
- mib[1] = KERN_CRYPTODEVALLOWSOFT;
- if (sysctl(mib, 2, &old, &olen, NULL, 0) < 0)
- err(1, "sysctl failed");
-
- return old;
-}
-
-static void
-setallowsoft(int new)
-{
- int mib[2], old;
- size_t olen, nlen;
-
- olen = nlen = sizeof(new);
-
- mib[0] = CTL_KERN;
- mib[1] = KERN_CRYPTODEVALLOWSOFT;
-
- if (sysctl(mib, 2, &old, &olen, &new, nlen) < 0)
- err(1, "sysctl failed");
+ rijndael_ctx ctx;
+ int error = 0;
+
+ memset(&ctx, 0, sizeof(ctx));
+ error = rijndael_set_key(&ctx, key, klen * 8);
+ if (error)
+ return -1;
+ if (do_encrypt)
+ rijndael_encrypt(&ctx, in, out);
+ else
+ rijndael_decrypt(&ctx, in, out);
+ return 0;
}
static int
match(unsigned char *a, unsigned char *b, size_t len)
{
@@ -221,21 +143,21 @@ do_tests(const char *filename, int test_num, u_char *key,
u_int keylen,
{
char result[32];
int fail = 0;
/* Encrypt test */
- if (syscrypt(key, keylen, plaintext, result, textlen, 1) < 0) {
- warnx("encrypt with /dev/crypto failed");
+ if (docrypt(key, keylen, plaintext, result, textlen, 1) < 0) {
+ warnx("encryption failed");
fail++;
} else if (!match(result, ciphertext, textlen)) {
fail++;
} else
printf("OK encrypt test vector %s %u\n", filename, test_num);
/* Decrypt test */
- if (syscrypt(key, keylen, ciphertext, result, textlen, 0) < 0) {
- warnx("decrypt with /dev/crypto failed");
+ if (docrypt(key, keylen, ciphertext, result, textlen, 0) < 0) {
+ warnx("decryption failed");
fail++;
} else if (!match(result, plaintext, textlen)) {
fail++;
} else
printf("OK decrypt test vector %s %u\n", filename, test_num);
@@ -348,24 +270,15 @@ run_file(const char *filename)
}
int
main(int argc, char **argv)
{
- int allowed = 0, fail = 0, i;
+ int fail = 0, i;
if (argc < 2)
errx(1, "usage: aestest [test-vector-file]");
- if (geteuid() == 0) {
- allowed = getallowsoft();
- if (allowed == 0)
- setallowsoft(1);
- }
-
for (i = 1; i < argc; i++)
fail += run_file(argv[1]);
- if (geteuid() == 0 && allowed == 0)
- setallowsoft(0);
-
return fail > 0 ? 1 : 0;
}
